Download PDF version of this article PDF

“Ransom-ware” on the Loose

You’ve watched in awe as spyware programs cannibalized each other, shook your head in disgust when that vigilante, anti-piracy P2P virus deleted all of your MP3s, and felt instant paranoia after learning about the astonishing number of zombie PCs out there (“could I be a zombie?”). Well, it just keeps getting weirder... and scarier.

Discovered by security researchers at Websense, the latest threat brings malware to an all-time low. This new Trojan, Trojan.Gpcoder, infects your PC, encrypts your files, and then sends you a “ransom” note directing you where to send money. Pay the ransom, and your files are unlocked. As Oliver Friedrichs from Symantec said, “This is equivalent to someone coming into your home, putting your valuables in a safe and not telling you the combination”… then demanding that you pay them to get it!

The weakness in the scheme is that bank transactions are fairly easy to trace, so accepting the ransom payment would expose the criminals to investigation. Up until now, profit has rarely been a key motive for hackers, so one can easily envision a similar Trojan sans ransom note—which could be even worse. If our mission-critical files were locked up, we might actually prefer the option of a quick-and-dirty payment to unlock them versus paying (of course) decryption experts to do the job.

WANT MORE?,+hold+them+for+ransom/2100-7349_3-5718678.html

Adopt IPv6 or Die

It’s time once again to revisit everyone’s favorite next-generation Internet protocol: IPv6. No, it hasn’t gone away. In fact, if you live in Japan or China, it’s quickly becoming part of your world. Not so for Westerners, who have been conspicuously slow to adopt the protocol. A recent study by Juniper Networks proves this indifference. In a pool of 349 “IT decision makers” in both business and government, only 7 percent felt that adopting IPv6 is “very important” to their IT goals.

What’s interesting are the things that these decision makers did find important: improving quality of service, improving security, and simplifying network management. In response to this data, Rod Merchison, a senior director at Security Products, said, “The reality is the answer to a lot of those requirements is IPv6.” That is, the real issue here is the miseducation of top IT managers about IPv6. When it was introduced in the mid-’90s, most saw it as a solution to the IP address space problem. Since that has now been addressed (no pun intended) by network technology vendors, many think IPv6 is no longer necessary—which is clearly not the case. The failure of the U.S. to get moving on IPv6 overlooks not only the potential improvements in network management and security, but also the advantages gained by having a quarter of the world’s ISPs clustered around Reston, Virginia. Many fear that Asia’s embrace of IPv6 might give that region’s ISPs an edge, which could hurt the U.S. economically, and, perhaps, geopolitically.


IBM Steps up on Linux Training

A previous ACM Queue News 2.0 story (“The Real Cost of Linux,” June 2005) focused on the relative dearth of Linux skills among today’s IT professionals and facetiously predicted a resultant wave of Linux training initiatives. Well, it seems someone is taking this shortage seriously: IBM. Big Blue recently announced training initiatives that focus on open source, standards-based skills. In cooperation with Red Hat, IBM will assist a slew of universities and vocational schools with educating the next generation of Linux professionals. Not least among these is the Sam M. Walton College of Business at the University of Arkansas, which has a full-fledged, multimillion-dollar program in the works.

IBM isn’t doing this solely to push Linux and open source. The training programs will also include courses covering IBM’s DB2 database and zSeries mainframes. It’s all very much in line with IBM’s apparent two-pronged vision: back Linux and open source, but make sure doing so provides opportunity to promote its bread-and-butter, proprietary database and mainframe products.



Originally published in Queue vol. 3, no. 6
see this item in the ACM Digital Library


© ACM, Inc. All Rights Reserved.